Hi,

need a bit of network advice plz...

I currrently have 3 computers in my house which I want to network together. I have a broadband internet connection with a fixed IP address, and I want all 3 computers to be able to share this connection. One computer is Win XP, the other runs Vector Linux and the other one is dual boot.

I understand that I could set this up easily using a router, so I'm told.

HOWEVER...

I want to set up the Vector Linux system as a web server as a bit of a project, hosting one of my domains. When web traffic is routed to my IP address by the DNS, I don't want all 3 computers getting requests because of security and performance. I only want the system running Vector Linux (the web server) to get these requests. But I also want the other 2 computers to be able to access the web as required.

How would I go about this? Do I set up the Vector Linux machine as both a webserver and a router? I've considered just blocking the ports on the other 2 machines but then I'd get huge logs of attempted entries generated by the firewall...

I hope this is clear... ! Can anybody share some advice or previous experience please?

Thanks,
Melody

A router may still be your best bet. Most routers have port forwarding, in which you tell it which internal IP to route traffic to for a specified port range.

I have a linksys router and it has an option for DMZ which will allow incoming requests to a specific IP (lan). According to the directions, this is what you want. You know you also need a nameserver to map the domain to you IP, right?

This is a large project and I usually don't recommend anyone do it that plans on running a "serious" site at home. If you think about all of the time of setting up the system, upgrades for security, as well as physical security, and backups, you are looking at a full time job. For $15 per month, someone will do it for you.

Best of luck,
Greg

Port forwarding on the router would be superior to putting the box on the DMZ, acting as an additional layer of security for your server. If http access is all you need (likely not, but if...) then just forwarding port 80 from the router to your server should suffice. The router will reject all inbound requests by default anyway, or at least it should if it's worth a nickel at all.

I use LinkSYS equipment at a couple of SOHO installations near here. I'd recommend them over DLink, personally, from experience; but I'm not sure but what NetGear would have 'em both beat, and if you can afford Cisco.....ah, well, nevermind.

There is, of course, the ability to use the Linux box as the router, but that's maybe a bridge too far (no pun intended...)

I use Linksys as well, and port forwarding works great for me.

And technically, Linksys is Cisco, since Cisco bought them :D

im setting up a web server and im going to do alot of things with it so im gonna use DMZ! but im gonna have to routers

ROUTER 1 has webserver on DMZ behind router 2 the rest of my computers!

just to have 100% protection from anything that gets onto the web server :)

routers are hella cheap now adays

Thanks for the help guys. I've just got hold of a Netgear router based on you advice... will give it a go! Yeah setting up BIND should be ...fun... Cheers

Melody

hi melody - i saw that this thread is resolved, but wanted to add my 2 pence (i'm english!) anyway

i bought a netgear rp 614 v2 router for £48 - about $70 i think. I plugged my cable modem into it, went to the ip address from my laptop, clicked auto setup and the network is done - just like that!

Then you can set up a DMZ (demilitarised zone) computer, which is where all port requests get forwarded to this comp by the router, or you can just use port forwarding to forward http (80) to your web server. It's stupidly easy.

The other thing, which i haven't utilised, is that my router has an option to add a http://www.dyndns.org domain or whatever, so you can bind a domain name to a dynamic ip. Not used this, but looks simple.

also, with no setup required, all the computers can access the internet, msn messenger, etc etc

adam

Thanks for the post Adam.

Just so happens that's exactly the same router that I've bought - as you say, extremely easy to set up with port forwarding. Comes highly recommended. I might give a go to what's been suggested about using DMZ - a new concept to me!

Thanks for everyone's help.

Melody

Just wanted to reiterate --- if you go with the DMZ, get the firewall running first. The web is a dangerous place for servers, believe it or not.